miti
/
linux-sgx-trts-modified


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431
							/*
 * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include "u_long_term_pairing.h"
#include <cstddef>
#include "helper.h"
#include "uecall_bridge.h"
#include <Buffer.h>

#include "interface_psda.h"

#include "pse_pr_sigma_1_1_defs.h"
#include "sigma_helper.h"

#include "aeerror.h"
#include <list>
#include "oal/oal.h"
#include "PSEPRClass.h"

#include "pairing_blob.h"
#include "byte_order.h"

#if defined(_DEBUG)

#include "PSDAService.h"
#include "aesm_epid_blob.h"
#include "aesm_encode.h"

#endif
#define PSEPR_LOST_ENCLAVE_RETRY_COUNT        3
extern uint32_t upse_iclsInit();


// FLOW
//                                   Verifier              Prover         Intel Server
//  uRequestS1FromME                    |--M1: Start Pairing->|               |
//                                      |<-M2: SIGMA S1-------|               |
//  uGetR2                              |                     |               |
//                                      |                     |               |
//  uLoadPairingBlob                    |                     |               |
//                                      |                     |               |
//  uGetSigRLFromServer                 |--M3: GID_cse || R2----------------->|
//                                      |<-M4: Sig_is(RL_cse || R2)-----------|
//  uGetOCSPResponseFromServer          |--M5: OCSPReq----------------------->|
//                                      |<-M6: OCSPResp-----------------------|
//                                      |                     |               |
//  tGenM7 (enclave call)               Send S1, Receive S2
//                                      |                     |               |
//  uExchangeS2AndS3WithME              |--M7: SIGMA S2------>|               |
//                                      |<-M8: SIGMA S3-------|               |
//  uGetGroupIdFromME                   |                     |               |
//                                      |                     |               |
//  tVerifyM8 (enclave call)            Send S3, Receive updated pairing blob
//                                      |                     |               |
//  uSavePairingBlob                    |                     |               |


//*********************************************************************
// Prototypes of static functions
//*********************************************************************

static ae_error_t DoLongTermPairing(bool* p_new_pairing);
//*********************************************************************
// Main engine routine for Long-Term Pairing
//*********************************************************************
ae_error_t create_sigma_long_term_pairing(bool* p_new_pairing)
{
    ae_error_t status = AE_FAILURE;

    SGX_DBGPRINT_PRINT_ANSI_STRING("Begin Long Term Pairing");

    try
    {
        unsigned rcount = AESM_RETRY_COUNT;
        do
        {
            status = DoLongTermPairing(p_new_pairing);

            if(status == AESM_PSDA_NOT_PROVISONED_ERROR)
            {
                // retry CSE Provision
                if (upse_iclsInit() == 0)
                {
                    rcount--;
                    continue;
                }
                break;
            }

            if (status == PSE_PR_ENCLAVE_LOST_ERROR || status == AESM_PSDA_SESSION_LOST
                || status == AESM_PSDA_WRITE_THROTTLED)
            {
                //
                // went to sleep while in enclave
                // in this case (beginning of flow), we should just retry, after first destroying and then reloading
                // note that this code gets significantly more complicated if the PSE-pr ever becomes multi-threaded
                //
                if (status == PSE_PR_ENCLAVE_LOST_ERROR)
                {
                    CPSEPRClass::instance().unload_enclave();
                    if ((status = CPSEPRClass::instance().load_enclave()) != AE_SUCCESS)
                    {
                        if(status != AESM_AE_OUT_OF_EPC)
                            status = AE_FAILURE;
                        break;
                    }
                    SaveEnclaveID(CPSEPRClass::instance().GetEID());
                }
                rcount--;
                continue;
            }

            break;

        } while (rcount > 0);
    }
    catch (...)
    {
        status = AESM_PSE_PR_EXCEPTION;
    }

    //    if (AE_SUCCESS != status)
    //  {
    //      upsePersistentStorage::Delete(PSE_PR_LT_PAIRING_FID);
    //      Helper::RemoveCertificateChain();
    //  }

    SGX_DBGPRINT_PRINT_FUNCTION_AND_RETURNVAL(__FUNCTION__, status);
    SGX_DBGPRINT_PRINT_ANSI_STRING("End Long Term Pairing");

    return status;
}


//*********************************************************************
// Do the long term pairing logic
//*********************************************************************
static ae_error_t DoLongTermPairing(bool* p_new_pairing)
{
    std::list<upse::Buffer> certChain;

    upse::Buffer certChainVLR;
    upse::Buffer keyBlob;
    upse::Buffer pairingBlob;
    upse::Buffer ocspReq;
    upse::Buffer ocspResp;
    upse::Buffer s1;
    upse::Buffer s2;
    upse::Buffer s3;
    upse::Buffer sigRL;
    upse::Buffer privRL;

    if (NULL == p_new_pairing)
        return AESM_PSE_PR_BAD_POINTER_ERROR;

    ae_error_t status = AE_FAILURE;

    pse_pr_interface_psda* pPSDA = NULL;

    do
    {
        pPSDA = new pse_pr_interface_psda();
        BREAK_IF_FALSE( (NULL != pPSDA),
            status, AESM_PSE_PR_INSUFFICIENT_MEMORY_ERROR);

        //=====================================================================
        // Start: LONG TERM PAIRING protocol
        //=====================================================================

        //*********************************************************************
        // Load the pairing blob from persistent storage.
        // Load the verifier certificate and CA certificate chain.
        // The ECDSA key pair was generated during certificate provisioning.
        //*********************************************************************
        status = Helper::read_ltp_blob(pairingBlob);
        pairing_blob_t* pairing_blob = (pairing_blob_t*)pairingBlob.getData();
        BREAK_IF_FAILED_ERR(status, AESM_NLTP_NO_LTP_BLOB);
        SGX_DBGPRINT_PRINT_ANSI_STRING("pairing blob load success");

        // Received during Certificate Chain Provisioning
        status = Helper::LoadCertificateChain(certChain);
        BREAK_IF_FAILED_ERR(status, AESM_NPC_NO_PSE_CERT);
        SGX_DBGPRINT_PRINT_ANSI_STRING("Certificate Chain load success");

        //*********************************************************************
        // Retrieve S1 from ME/CSE
        //*********************************************************************

        status = pPSDA->GetS1(pairing_blob->plaintext.pse_instance_id, s1);
        SGX_DBGPRINT_ONE_STRING_ONE_INT_LTP("Function: pPSDA->GetS1(s1), Return Value: ", status);
        BREAK_IF_FAILED(status);

        BREAK_IF_FALSE( (s1.getSize() == sizeof(SIGMA_S1_MESSAGE)),
            status, AESM_PSE_PR_INTERNAL_ERROR);

        const SIGMA_S1_MESSAGE* pS1 = (const SIGMA_S1_MESSAGE*)s1.getData();

#if 1
        upse::Buffer tGID;
        uint32_t serializedGID = (uint32_t)pS1->Gid;
        status = tGID.Alloc((uint8_t*)&serializedGID, sizeof(uint32_t));
        BREAK_IF_FAILED(status);
        SigmaHelper::SetGID(tGID);
#endif

        //*********************************************************************
        // Retrieve Sig RL and Priv RL from Intel Server (okay if it can't retrieve them)
        //*********************************************************************
        status = SigmaHelper::GetRLsFromServer(sigRL, privRL);
        if (AE_SUCCESS != status)
            AESM_LOG_WARN(g_event_string_table[SGX_EVENT_EPID11_RL_RETRIEVAL_FAILURE]);
        SGX_DBGPRINT_PRINT_ANSI_STRING("RL requested");

        //*********************************************************************
        // Retrieve OCSP Responses from Intel Server
        //*********************************************************************
        status = SigmaHelper::GetOcspResponseFromServer(certChain, pS1->OcspReq, ocspResp);
        if (AE_SUCCESS != status) {
            AESM_LOG_WARN(g_event_string_table[SGX_EVENT_OCSP_FAILURE]);
        }
		if (OAL_PROXY_SETTING_ASSIST == status) {
            SGX_DBGPRINT_PRINT_ANSI_STRING("proxy error during OCSP");
			break;
		}
        if (AESM_LTP_PSE_CERT_REVOKED == status) {
            SGX_DBGPRINT_PRINT_ANSI_STRING("OCSP server returns cert_revoked");
            break;
        }
        BREAK_IF_FALSE( (status == AE_SUCCESS), status, AESM_PSE_PR_GET_OCSPRESP_ERROR);
        SGX_DBGPRINT_PRINT_ANSI_STRING("OCSP retrieval success");

        //*********************************************************************
        // Package the Certificate Chain as a VLR
        //*********************************************************************
        status = Helper::PrepareCertificateChainVLR(certChain, certChainVLR);
        BREAK_IF_FAILED(status);
        SGX_DBGPRINT_PRINT_ANSI_STRING("Certificate Chain prepared success");

        //*********************************************************************
        // Communicate with PSE_pr enclave
        // Send:    s1, sigRL, ocspResp, verifierCert, pairingBlob
        // Receive: s2
        //*********************************************************************
        status = tGenM7(s1, sigRL, ocspResp, certChainVLR, pairingBlob, s2);
        if (PSE_PR_MSG_COMPARE_ERROR == status) {
            AESM_LOG_ERROR("%s", g_event_string_table[SGX_EVENT_EPID11_SIGRL_INTEGRITY_ERROR]);
        }
        BREAK_IF_FAILED(status);
        SGX_DBGPRINT_PRINT_ANSI_STRING("M7 success");

        //*********************************************************************
        // Communicate with ME/CSE
        // Send:    s2
        // Receive: s3
        //*********************************************************************
        status = pPSDA->ExchangeS2AndS3(pairing_blob->plaintext.pse_instance_id, s2, s3);
        SGX_DBGPRINT_ONE_STRING_ONE_INT_LTP("Function: pPSDA->ExchangeS2AndS3(s2, s3), Return Value: ", status);
        if (AESM_PSDA_LT_SESSION_INTEGRITY_ERROR == status) {
            AESM_LOG_ERROR("%s", g_event_string_table[SGX_EVENT_SIGMA_S2_INTEGRITY_ERROR]);
            SGX_DBGPRINT_PRINT_ANSI_STRING("pairing blob deleted");
            Helper::delete_ltp_blob();
        }
        BREAK_IF_FAILED(status);
        SGX_DBGPRINT_PRINT_ANSI_STRING("PSDA Exchange success");

        //*********************************************************************
        // Communicate with PSE_pr enclave
        // Send:    s3, privRL, epidGroupCert, epidParamsCert, pairingBlob
        // Receive: pairingBlob, bNewPairing flag
        //*********************************************************************
        status = tVerifyM8(s3, privRL, pairingBlob, *p_new_pairing);
        if (PSE_PR_MSG_COMPARE_ERROR == status) {
            AESM_LOG_ERROR("%s", g_event_string_table[SGX_EVENT_EPID11_PRIVRL_INTEGRITY_ERROR]);
        }
        BREAK_IF_TRUE((status == PSE_PR_PCH_EPID_SIG_REVOKED_IN_GROUPRL), status, AESM_LTP_PSE_CERT_REVOKED);
        BREAK_IF_FAILED(status);
        SGX_DBGPRINT_PRINT_ANSI_STRING("M8 success");

        //*********************************************************************
        // Save the sealed pairing blob to persistent storage.
        //*********************************************************************
        status = Helper::write_ltp_blob(pairingBlob);
        BREAK_IF_FAILED(status);
        SGX_DBGPRINT_PRINT_ANSI_STRING("pairing blob written success");

        status = AE_SUCCESS;

#if defined(_DEBUG)
        uint32_t pseSvn = certPseSvn();
        SGX_DBGPRINT_ONE_STRING_ONE_INT("certPseSvn() returns ", pseSvn);

        uint32_t sgxGid = 0;
        EPIDBlob::instance().get_sgx_gid(&sgxGid);
        SGX_DBGPRINT_ONE_STRING_ONE_INT("get_sgx_gid() returns ", sgxGid);

        uint32_t psdaSvn = 0;
        psdaSvn = Helper::ltpBlobPsdaSvn(*(pairing_blob_t*)pairingBlob.getData());
        SGX_DBGPRINT_ONE_STRING_ONE_INT("ltpBlobPsdaSvn() returns ", psdaSvn);

        unsigned currentPsdaSvn = 0;
        PSDAService::instance().current_psda_svn(&currentPsdaSvn);
        SGX_DBGPRINT_ONE_STRING_ONE_INT("current_psda_svn() returns ", currentPsdaSvn);

        uint32_t cseGid = 0;
        ae_error_t ltpBlobCseGid(uint32_t* pGid);
        ltpBlobCseGid(&cseGid);
        SGX_DBGPRINT_ONE_STRING_ONE_INT("ltpBlobCseGid() returns ", cseGid);

#endif
    } while (false);

    if (NULL != pPSDA)
    {
        delete pPSDA;
    }

    if (PSE_PAIRING_BLOB_UNSEALING_ERROR == status || PSE_PAIRING_BLOB_INVALID_ERROR == status)
    {
        SGX_DBGPRINT_PRINT_ANSI_STRING("Invalid pairing blob.");
        Helper::delete_ltp_blob();
    }

    if (AE_FAILED(status))
    {
        switch (status)
        {
        case OAL_NETWORK_UNAVAILABLE_ERROR:     AESM_LOG_FATAL(g_event_string_table[SGX_EVENT_OCSP_FAILURE]); break;
        case PSE_PAIRING_BLOB_UNSEALING_ERROR:  AESM_LOG_FATAL(g_event_string_table[SGX_EVENT_LTP_BLOB_INTEGRITY_ERROR]); break;
        case PSE_PAIRING_BLOB_INVALID_ERROR:    AESM_LOG_FATAL(g_event_string_table[SGX_EVENT_LTP_BLOB_INVALID_ERROR]); break;
        case AESM_LTP_PSE_CERT_REVOKED:
            {
                AESM_LOG_FATAL("%s", g_event_string_table[SGX_EVENT_ME_EPID_GROUP_REVOCATION]);
                break;
            }
        case PSE_PR_PCH_EPID_SIG_REVOKED_IN_PRIVRL:
            {
                AESM_LOG_FATAL("%s", g_event_string_table[SGX_EVENT_ME_EPID_KEY_REVOCATION]);
                break;
            }
        case PSE_PR_PCH_EPID_SIG_REVOKED_IN_SIGRL:
            {
                AESM_LOG_FATAL("%s", g_event_string_table[SGX_EVENT_ME_EPID_SIG_REVOCATION]);
                break;
            }
        case AE_FAILURE:
            {
                AESM_LOG_FATAL("%s", g_event_string_table[SGX_EVENT_LTP_FAILURE]);
                break;
            }
        default: break;
        }
    }


    SGX_DBGPRINT_PRINT_FUNCTION_AND_RETURNVAL(__FUNCTION__, status);
    return status;
}

//
// ltpBlobCseGid
//
// return value of CSE GID from long-term pairing blob
//
// inputs
// pGid: pointer to uint32_t that will hold GID
//
// outputs
// *pGid: CSE GID
// status
//
// different return type?
//
ae_error_t ltpBlobCseGid(uint32_t* pGid)
{
    upse::Buffer pairing_blob;
    ae_error_t retVal = AE_SUCCESS;

    if (NULL != pGid) {
        //
        // read blob
        //
        retVal = upsePersistentStorage::Read(PSE_PR_LT_PAIRING_FID, pairing_blob);
        if (AE_SUCCESS == retVal) {
            const pairing_blob_t* pb = (const pairing_blob_t*) pairing_blob.getData();
            if (NULL != pb) {
                *pGid = pb->plaintext.cse_sec_prop.ps_hw_gid;
            }
            else {
                retVal = AESM_PSE_PR_INTERNAL_ERROR;
            }
        }
        else {
            retVal = AESM_PSE_PR_PERSISTENT_STORAGE_READ_ERROR;
        }
    }
    else {
        retVal = AESM_PSE_PR_BAD_POINTER_ERROR;
    }

    return retVal;
}